Privacy Policy

Last updated: May 19, 2026

1. Introduction

Welcome to Leohunt / kenyes.ai (the “Platform”). We are committed to protecting your personal information and being transparent about how we collect, use, and share it. This Privacy Policy explains our data practices for users of the Platform.

By using the Platform — whether as a registered user or as a guest — you agree to the collection and use of your information as described in this Privacy Policy. This Policy applies to all users, including those who access the Platform without creating a registered account. This Policy should be read alongside our Terms of Service.

2. Who We Are

Leohunt / kenyes.ai is an AI-powered local business discovery platform. For any privacy-related questions or requests, please contact us at: hello@kenyes.ai

3. Information We Collect

We collect the following categories of personal data:

a) Account Information

Registered Users (Google or Apple Sign-In):

  • Full name
  • Email address (via Google or Apple Sign-In)
  • Account creation date

Guest Users (Continue as Guest):

  • A unique anonymous user identifier, generated automatically when you choose “Continue as Guest”
  • A device-level application identifier (UUID), generated on first app launch and stored securely in your device’s Keychain to maintain your session across app launches and reinstalls
  • A record linking your device identifier to your anonymous session(s), used to maintain service continuity and enforce usage limits

Guest users are not required to provide a name or email address. If you later choose to sign in with Google or Apple, your anonymous account is linked to your new registered account, and the data collected during your guest session is associated with your registered identity.

b) Location Data

  • Precise or approximate geographic location, collected when you use the Platform and grant location permissions

Location data is essential to the core functionality of the Platform, including local business discovery and AI-powered recommendations. You may revoke location permissions via your iOS device settings at any time, though this may limit Platform functionality.

c) Usage Data

  • Features used and time spent on the Platform
  • Crash reports and performance data
  • Search queries and AI conversation content within the Platform

d) Business Interaction History

  • Businesses you have searched for, viewed, or engaged with
  • Saved or favorited businesses
  • AI recommendation interactions and preferences derived from your activity

4. How We Use Your Information

  • To provide, operate, and improve the Platform and its features
  • To personalize your experience, including AI-powered business recommendations based on your location and activity
  • To create and manage your account (for registered users) or to establish and maintain your guest session (for guest users)
  • To communicate with you about your account, updates, and changes to our policies
  • To monitor and analyze usage patterns to improve Platform performance and user experience
  • To enforce usage limits and prevent abuse (including tracking AI compute usage per device for guest users and per account for registered users)
  • To detect, investigate, and prevent fraudulent, abusive, or illegal activity
  • To comply with applicable legal obligations
  • To support business partners listed on the Platform with aggregated, non-personally identifiable insights

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance — processing necessary to provide the Platform services you have signed up for
  • Legitimate interests — analytics, fraud prevention, and Platform improvement, where these do not override your rights
  • Consent — for location data collection and any optional data processing you explicitly agree to
  • Legal obligation — where we are required to process data to comply with applicable law

You may withdraw consent at any time where consent is the basis for processing, without affecting the lawfulness of prior processing.

6. Third-Party Service Providers

We do not sell your personal data. We work with the following third-party service providers to operate the Platform. Each provider only receives the data necessary to perform their specific function:

Supabase

We use Supabase as our backend database and authentication infrastructure. Supabase stores your account information, location data, business interaction history, and analytics data. For guest users, Supabase creates and manages an anonymous authentication session linked to a unique user identifier. Data is processed in accordance with Supabase’s data processing agreement.

Google Sign-In

We use Google Sign-In for account authentication. When you sign in with Google, we receive your name and email address from Google. We do not receive your Google password. Google’s use of your data is governed by Google’s Privacy Policy.

Apple Sign-In

We use Apple Sign-In for account authentication. When you sign in with Apple, we receive your name and email address (or Apple’s private relay address if you choose to hide your email). Apple’s use of your data is governed by Apple’s Privacy Policy.

Google Gemini

We use Google Gemini to power AI-based business search, recommendations, and conversation features. Your search queries and conversation content are sent to Google Gemini for processing. Data is processed in accordance with Google’s API Terms of Service and privacy commitments.

OpenAI

We use OpenAI APIs for certain AI processing features within the Platform. Your search queries and interaction data may be sent to OpenAI for processing. Data is processed in accordance with OpenAI’s API usage policies.

Geoapify

We use Geoapify for location-based search and mapping features. Your location data and search queries are sent to Geoapify to return nearby business results. Data is processed in accordance with Geoapify’s privacy policy.

Legal Requirements and Business Transfers

We may disclose your information if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of kenyes.ai, our users, or others. In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction and you will be notified in advance.

7. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide the Platform services. We distinguish between the following types of deletion:

Conversation Deletion

When you delete a conversation, all messages and conversation content are permanently and immediately deleted. We retain certain analytics data linked to your account identifier, including raw search queries, search results, and AI usage statistics, for platform improvement and usage tracking purposes. As this data remains linked to your account identifier it is personal data — you may request its deletion at any time by contacting us at hello@kenyes.ai.

Account Deletion

When you delete your account, all personal data is permanently and immediately erased, including your name, email address, location data, usage history, conversations, and analytics records. The only data retained after account deletion is a one-way hashed version of your email address, kept for 30 days solely for AI compute usage abuse prevention. This hashed value cannot be used to identify or contact you, and is permanently deleted after 30 days.

Guest User Data

Guest user data (anonymous user identifier, device application identifier, conversation content, and usage statistics) is retained for as long as the anonymous session remains active. If a guest user upgrades to a registered account, all guest session data is associated with the registered account and is thereafter subject to the registered account deletion process described above.

Guest users may request deletion of their data by contacting us at hello@kenyes.ai and providing their device application identifier. In-app account deletion is not available for guest users because guest sessions do not have a registered account; deletion must be requested via email. Upon a verified request, we will delete the anonymous user record, conversations, and associated session data. Certain analytics data — specifically AI usage statistics and business interaction records — is retained with all user identifiers removed, for platform improvement purposes. This retained data cannot be used to re-identify you.

For more detail on account and guest data deletion, please refer to Section 14 of our Terms of Service.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data. These include:

  • Encryption of data in transit (TLS)
  • Supabase Row Level Security (RLS) ensuring users can only access their own data
  • Access controls limiting who within our team can access personal data
  • Minimal local storage limited to session identifiers (a device application identifier stored in your device’s Keychain and authentication tokens); no other personal data is cached or stored on your device

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify you of any data breach that affects your rights as required by applicable law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@kenyes.ai. We will respond within 30 days.

All Users

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Deletion — request that we delete your personal data, subject to our retention obligations
  • Objection — object to certain types of processing, including direct marketing

EEA / GDPR Users (additional rights)

  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we restrict processing of your data in certain circumstances
  • Withdraw consent — where processing is based on consent, withdraw it at any time
  • Lodge a complaint — with your local data protection authority

10. Children’s Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected such data, we will delete it promptly. Contact us at hello@kenyes.ai if you believe this has occurred.

11. International Data Transfers

Your data may be processed in countries other than your own, including through our third-party providers listed in Section 6. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

12. Third-Party Business Listings

The Platform may display or link to websites and information operated by third-party businesses. We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before submitting any personal information. For full details on our disclaimers regarding third-party business listings and external URLs, please refer to Section 10 of our Terms of Service.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by updating the effective date and, where appropriate, through in-app notifications or email. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: